Fix a bug in buf_move_all() when the input buffer is empty.

We found this in #40076, after we started using buf_move_all() in more places. Fixes bug #40076; bugfix on 0.3.3.1-alpha. As far as I know, the crash only affects master, but I think this warrants a backport, "just in case".
2024-11-23 20:03:31 +01:00 · 2020-07-30 14:24:25 -04:00 · 2020-07-30 14:24:25 -04:00 · c4742b89b2
commit c4742b89b2
parent 0a588821cb
3 changed files with 7 additions and 2 deletions
--- a/changes/bug40076
+++ b/changes/bug40076
@ -0,0 +1,5 @@
+  o Minor bugfixes (correctness, buffers):
+    - Fix a correctness bug that could cause an assertion failure if we ever
+      tried using the buf_move_all() function with an empty input.
+      As far as we know, no released versions of Tor do this.
+      Fixes bug 40076; bugfix on 0.3.3.1-alpha.
--- a/src/lib/container/buffers.c
+++ b/src/lib/container/buffers.c
@ -689,6 +689,8 @@ buf_move_all(buf_t *buf_out, buf_t *buf_in)
  tor_assert(buf_out);
  if (!buf_in)
    return;
+  if (buf_datalen(buf_in) == 0)
+    return;
  if (BUG(buf_out->datalen >= INT_MAX || buf_in->datalen >= INT_MAX))
    return;
  if (BUG(buf_out->datalen >= INT_MAX - buf_in->datalen))
--- a/src/test/test_buffers.c
+++ b/src/test/test_buffers.c
@ -310,7 +310,6 @@ test_buffers_move_all(void *arg)
  buf_t *output = buf_new();
  char *s = NULL;

-#if 0
  /* Move from empty buffer to nonempty buffer. (This is a regression test for
   * #40076) */
  buf_add(output, "abc", 3);
@ -329,7 +328,6 @@ test_buffers_move_all(void *arg)
  /* Move from empty to empty. */
  output = buf_new();
  input = buf_new();
-#endif
  buf_move_all(output, input);
  buf_assert_ok(input);
  buf_assert_ok(output);